Archive for the ‘Blog’ Category
In this fourth post of my six-part blog series, I look to share some of the most helpful techniques I learned while writing CodeQL queries as a security engineer. In the last blog post, I provided tips on how to improve the generalizability of the queries by adding custom function identification classes, and how…
This is the third post of a six-part blog series where I cover the use of CodeQL and Semgrep in bug-hunting. In the previous installments of the series, I provided examples of custom queries and rules that identify CVEs in open-source libraries. In this section, I will be diving deeper into CodeQL, specifically how…
In the first blog post, I provided examples of a broadly generalizable bug query (written in both CodeQL and Semgrep) that was able to identify previously known integer overflow CVEs across libraries such as libcurl, json-c, and libexpat. For that example, its simple construction and ability to operate across multiple codebases showcase the potential for CodeQL…
Huy Dai was previously a summer intern from MIT and has since graduated to join the Caesar Creek Software team in Woburn, MA. During his internship, he performed a security assessment of the Peloton Bike and, upon joining CC-SW full-time, he has conducted research using CodeQL and Semgrep to aid in vulnerability research. Motivation At…
CC-SW Community Outreach Program
February 12th, 2025 by Fenny Setiadinata
We love making a difference in our community! Last month, our very own engineer, Paul Thomas, led seven Arrow of Light Cub Scouts (5th graders) from our local Miamisburg Pack 248 to participate in an Engineering Elective Adventure where they learned about different types of engineers. CC-SW provided 7 Raspberry Pi kits and 4 gently…